
Cyware Daily Threat Intelligence, June 22, 2022


Critical zero-days have been reported in Adobe Illustrator, with four of them associated with memory leaks and one with arbitrary code execution. In another update, Taiwanese hardware vendor QNAP has drawn its customers’ attention to another RCE flaw that affects a wide range of devices.

Russia-backed state actors have launched another attack campaign against Ukraine through maldocs weaponized with the Follina exploit. With this, the group attempted to target U.S. politicians and organizations, including nuclear facilities.

Top Malware Reported in the Last 24 Hours

Rig Exploit Kit changes payload
Bitdefender observed the operators of the Rig Exploit Kit dropping the Dridex banking trojan in place of the Raccoon Stealer malware, which isn’t active anymore. Hackers have been targeting cryptocurrency apps, notable web browsers, and popular email clients. Researchers suggested that the agility of the Rig Exploit Kit allows threat actors to rapidly substitute payloads in case of detection or compromise.

Crypto-supporting browsers targeted
A PowerShell script was found targeting cryptocurrency-related browser apps or extensions, including Chrome, Brave, and Edge. Hackers can replace a wallet address with their own to fraudulently obtain the currency. The C2 communications are allegedly taking place via a newly registered domain: wmail-endpoint[.]com.

New stealer variant used against Ukraine
Malwarebytes Threat Intelligence and CERT-UA highlighted a cyberattack by Russian threat actor APT28 that weaponized the Follina exploit, delivered through maldocs, to execute a new .NET stealer on the systems of Ukrainian organizations. The maldoc’s filename, Nuclear Terrorism A Very Real Threat.rtf, attempts to bait fearful victims in the country.

Top Vulnerabilities Reported in the Last 24 Hours

Critical RCE flaw in QNAP
QNAP is alerting its customers about an RCE flaw affecting most of its Network Attached Storage devices. The bug, identified as CVE-2019-11043, is a three-year-old critical PHP flaw affecting PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. While it was fixed for some OS devices, the devices still impacted are those running QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later.

Five zero-days in Adobe Illustrator
Fortinet discovered five zero-day critical or important vulnerabilities across two Adobe Illustrator plugins. These are tracked as CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669. According to researchers, the noted vulnerabilities lead to arbitrary code execution or memory leaks.

Top Scams Reported in the Last 24 Hours

Scammers profiting despite crypto fall
Many crypto users and investors in India continue to fall for high-profile scams related to cryptocurrencies and crypto-trading. CloudSEK researchers revealed that the CoinEgg scam has caused losses of over $128 million via phishing domains and Android-based fake crypto applications. CoinEgg is actually a legitimate U.K.-based cryptocurrency trading platform.


Posted on: June 22, 2022
